Chromium Code Reviews Chromium Code Reviews
Issue 75653002:
[webcrypto] Add RSAES-PKCS1-v1_5 encrypt and decrypt for NSS. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: content/renderer/webcrypto/webcrypto_impl_nss.cc |
| diff --git a/content/renderer/webcrypto/webcrypto_impl_nss.cc b/content/renderer/webcrypto/webcrypto_impl_nss.cc |
| index 1590a09961558af8bc8d14fd7f28b86ea432e7aa..b5d55c56c01ceec2074d0f1fac33d324cc59f78b 100644 |
| --- a/content/renderer/webcrypto/webcrypto_impl_nss.cc |
| +++ b/content/renderer/webcrypto/webcrypto_impl_nss.cc |
| @@ -250,9 +250,47 @@ bool WebCryptoImpl::EncryptInternal( |
| const unsigned char* data, |
| unsigned data_size, |
| blink::WebArrayBuffer* buffer) { |
| + |
| + DCHECK_EQ(algorithm.id(), key.algorithm().id()); |
| + DCHECK(key.handle()); |
| + DCHECK(buffer); |
| + |
| if (algorithm.id() == blink::WebCryptoAlgorithmIdAesCbc) { |
| return AesCbcEncryptDecrypt( |
| CKA_ENCRYPT, algorithm, key, data, data_size, buffer); |
| + } else if (algorithm.id() == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5) { |
|
eroman
2013/11/21 02:07:01
@rsleevi: Can you review this file as well? (Since
|
| + |
| + // RSAES encryption does not support empty input |
| + if (!data_size) |
| + return false; |
| + DCHECK(data); |
| + |
| + if (key.type() != blink::WebCryptoKeyTypePublic) |
| + return false; |
| + |
| + PublicKeyHandle* const public_key = |
| + reinterpret_cast<PublicKeyHandle*>(key.handle()); |
| + |
| + const unsigned encrypted_length_bytes = |
| + SECKEY_PublicKeyStrength(public_key->key()); |
| + |
| + // RSAES can operate on messages up to a length of k - 11, where k is the |
| + // octet length of the RSA modulus. |
| + if (encrypted_length_bytes < 11 || encrypted_length_bytes - 11 < data_size) |
| + return false; |
| + |
| + *buffer = blink::WebArrayBuffer::create(encrypted_length_bytes, 1); |
| + unsigned char* const buffer_data = |
| + reinterpret_cast<unsigned char*>(buffer->data()); |
| + |
| + if (PK11_PubEncryptPKCS1(public_key->key(), |
| + buffer_data, |
| + const_cast<unsigned char*>(data), |
| + data_size, |
| + NULL) != SECSuccess) { |
| + return false; |
| + } |
| + return true; |
| } |
| return false; |
| @@ -264,9 +302,49 @@ bool WebCryptoImpl::DecryptInternal( |
| const unsigned char* data, |
| unsigned data_size, |
| blink::WebArrayBuffer* buffer) { |
| + |
| + DCHECK_EQ(algorithm.id(), key.algorithm().id()); |
| + DCHECK(key.handle()); |
| + DCHECK(buffer); |
| + |
| if (algorithm.id() == blink::WebCryptoAlgorithmIdAesCbc) { |
| return AesCbcEncryptDecrypt( |
| CKA_DECRYPT, algorithm, key, data, data_size, buffer); |
| + } else if (algorithm.id() == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5) { |
| + |
| + // RSAES decryption does not support empty input |
| + if (!data_size) |
| + return false; |
| + DCHECK(data); |
| + |
| + if (key.type() != blink::WebCryptoKeyTypePrivate) |
| + return false; |
| + |
| + PrivateKeyHandle* const private_key = |
| + reinterpret_cast<PrivateKeyHandle*>(key.handle()); |
| + |
| + const int modulus_length_bytes = |
| + PK11_GetPrivateModulusLen(private_key->key()); |
| + if (modulus_length_bytes <= 0) |
| + return false; |
| + const unsigned max_output_length_bytes = modulus_length_bytes; |
| + |
| + *buffer = blink::WebArrayBuffer::create(max_output_length_bytes, 1); |
| + unsigned char* const buffer_data = |
| + reinterpret_cast<unsigned char*>(buffer->data()); |
| + |
| + unsigned output_length_bytes = 0; |
| + if (PK11_PrivDecryptPKCS1(private_key->key(), |
| + buffer_data, |
| + &output_length_bytes, |
| + max_output_length_bytes, |
| + const_cast<unsigned char*>(data), |
| + data_size) != SECSuccess) { |
| + return false; |
| + } |
| + DCHECK_LE(output_length_bytes, max_output_length_bytes); |
| + WebCryptoImpl::ShrinkBuffer(buffer, output_length_bytes); |
| + return true; |
| } |
| return false; |
